HackDig : Dig high-quality web security articles for hacker

More information about BlackOasis APT is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com
Introduction
Kaspersky Lab has always worked closely with vendors to protect users. As soon as we find new vulnerabilities we immediately inform the vendor in a responsible manner and provide all the details require

Adobe and Microsoft both on Tuesday released patches to plug critical security vulnerabilities in their products. Microsoft’s patch bundles fix close to 80 separate security problems in various versions of its Windows operating system and related software — including two vulnerabilities that already are being exploited in active attacks. Adobe

The Adobe product security incident response team (PSIRT) accidentally published a private PGP key on its blog, once discovered the issue it quickly revoked it.
On Friday, the Adobe PSIRT updated its Pretty Good Privacy (PGP) key and published the new public key on the blog post. The new key should have been valid until September 2018, but something strange

Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out th

Adobe released new versions of Flash Player and Connect web conferencing software to fix important and critical vulnerabilities.
According to the security advisory published by Adobe for Flash Player, the new version 26.0.0.137 patches three critical vulnerabilities, including a remote code execution flaw tracked as CVE-2017-3099 that can be exploited by att

Security is an imperfect art. It’s also an imperfect science. Whether it involves experimenting with certain tweaks or implementing proven standards and prescriptive advice, figuring out how to manage a security program is as complex as navigating any other business function.
According to the Pareto Principle, security professionals should focus on the

On Tuesday, Adobe released updates for Flash Player, Shockwave Player, Captivate and Digital Editions addressing a total of 20 vulnerabilities.
Some vulnerabilities fixed by Adobe are critical remote code execution issue, the last release, version 26.0.0.126, addressed nine flaws in Flash Player.
The vulnerabilities were tracked as CVE-2017-3075, CVE-2017-30

Today’s VERT Alert addresses 18 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins and expects to ship ASPL-716 on Wednesday, March 15th.Ease of Use (published exploits) to Risk TableAutomated ExploitEasyModerateDifficultExtremely DifficultMS17-006MS17-007MS17-008MS17-013MS17-014MS17-017MS17-018 MS17-012No Known Exploi

Adobe patches vulnerabilities in Flash Player and Shockwave for Windows, Mac, Linux and Chrome OS.
Adobe issued security updates for Flash Player and Shockwave Player products. The security updates released by the company on Tuesday address seven vulnerabilities in Flash Player and one flaw in Shockwave Player.
The Flash Player 25.0.0.127 version fixes criti

A handful of readers have inquired as to the whereabouts of Microsoft‘s usual monthly patches for Windows and related software. Microsoft opted to delay releasing any updates until next month, even though there is a zero-day vulnerability in Windows going around. However, Adobe did push out updates this week as per usual to fix critical issues in its F

Adobe is no stranger to finding itself in the security headlines for all the wrong reasons, and it seems that things may not be changing as we enter 2017.There was controversy earlier this month when news broke about how Adobe took the opportunity on Patch Tuesday of using its regular security updates to force Adobe Acrobat DC users into silently installing

Today’s VERT Alert addresses 4 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-706 on Wednesday, January 11th.Ease of Use (published exploits) to Risk TableAutomated ExploitEasy MS17-001ModerateDifficultExtremely Difficult MS17-004No Known Exploit MS17-002 M

Adobe issued security patches that address multiple flaws in 9 products, including fixes for zero-day vulnerabilities that has been exploited in the wild.
Adobe has issued security updates to fix vulnerabilities in nine products, including patches for zero-day flaws that has been exploited in targeted attacks.
The version 24.0.0.186 of Flash Player addresses

Experts from the firm Recorded Future published a report on the most common vulnerabilities used by threat actors in the exploit kits.
Recorded Future published an interesting report on the most common vulnerabilities used by threat actors in the exploit kits.
The experts observed that Adobe Flash Player and Microsoft products (Internet Explorer, Silverlight